[itayperl]

Hello,

I found that PCSX2 uses Zlib 1.2.1, but there's a newer version - 1.2.2, which, according to http://www.zlib.net/, "eliminates a potential security vulnerability in zlib 1.2.1". Why doesn't PCSX2 upgrade?


http://www.kb.cert.org/vuls/id/238678

 

[nonam3]

Although i'm not of the team, but i'll speak in a project i knkow closely, in wich we use zlib to transmit and receive data in secure enviroment (2 isolated pc's) and although zlib update is available since october, we only last month make the update.
Changlelog

# Eliminate a potential security vulnerability when decoding invalid compressed data
# Fix bug when decompressing dynamic blocks with no distance codes
# Do not return an error when using gzread() on an empty file

As you can see it corrects bugs that some of them are dificult to happen/exploit. In the case of pcsx2 zlib the security risk is minimum, because we will not have any hacker atacking pcsx2, but for example in the emule projec the update was done immediatly. Another point is that no bigger perfomance improvement, it's just a bugfix release.

This doesn't mean that pcsx2 team will not upgrade but probably is not Number One priority.

This are only my thoughs. Sorry ...